People have been lamenting over the end of online privacy since the first Internet wave back in the 90s. Sun Microsystems CEO Scott McNealy sparked a controversy in 1999 when he said “You have zero privacy anyway. Get over it.” Politicians, industry groups like the Electronic Frontier Foundation, and the technology press didn’t like that bold statement and predictably focused on the need for better consumer privacy protections.

15 years later, governments have enacted layers of privacy protection legislation ranging from financial to consumer to healthcare markets. Most of the online industry has adopted voluntary policies for collecting and maintaining customer data, and the latest generation of mobile devices is designed to ask permission before broadcasting sensitive information like the user’s current location.

Why then do we still feel we have no privacy? The nature of our online activity has continued to evolve, and at every step it has exposed more information to collection. Overarching the privacy landscape is the network effect of having individual bits and pieces of our online identities indexed and cross-linked. Starting with your name, the universe of information linked to you expands and branches to include your employer, email, address, phone number, photos, car, social network, posting history, purchase history, credit, travel, activities, likes, dislikes and more.

You don’t have much privacy if someone really wants to dig in online. With a little social engineering, the purchase of semi-private records, and some search creativity it’s not a stretch for a complete stranger living in another city to follow your digital footprints every day, living your life vicariously at the end of a web connection. For example, this recently revealed software from Raytheon mines social network data to predict a person’s future location, all from publicly available information.

We understand that an arbitrary stranger can map our online identities, but for the most part we don’t care. Why would it matter to us if someone we will never meet has this kind of information? I’m not talking about people hacking into your bank account, which is a specific security issue. I’m talking about someone collecting a pervasive view of your online activity. Is it really a privacy violation if we’re never in contact? This has the philosophical flavor of the tree falling in the forest with no one to hear it. It’s only a privacy violation if there is someone who feels violated by it.

What we really want is the ability to control our exposure to people we interact with. It used to be that remote strangers would know next to nothing about you, while your neighbors could know nearly everything. In a strong reversal from pre-internet norms we now consider privacy to be the protection of our information from people we actually know, while exposure of significant details to complete strangers matters little. As long as those strangers don’t start contacting our friends and family, they might as well not exist.

This emergent privacy precept places a higher value on protecting information from the people near you. There are already trends in social networks where the backlash against over-exposure created an opportunity for Google Plus to differentiate from Facebook on the basis of limiting the accessibility of personal postings. One can only hope the appearance of a competitive feature will encourage Facebook to enable similar protections.

The advance of internet-mediated communications has evolved the definition of privacy into something more personal and less absolute. We accept that unknown people could learn about us and are largely unconcerned, but we feel more acutely the need to control information flows to the people we actually know. As the internet ecosystem continues to evolve we’ll see more solutions focused on improving subjective online privacy as a practical approach to maintaining user confidence.

Hunt Valley, Md. – May 7, 2014 – Oculis Labs, a developer of data privacy software that protects mobile and desktop computers from visual eavesdroppers, today released results from its “Government Worker Privacy” survey on privacy risks for mobile workers. 104 people were randomly surveyed at the FOSE conference and exposition in Washington D.C., and of those surveyed, 62 percent are concerned about others looking at their displays while 63 percent admit to having looked at other people’s displays. And while it is no surprise that almost everyone (98 percent) claims that privacy is important to them, an astonishing 82 percent of government employees have no security system for protecting their computer screens.

The survey found that 69 percent of respondents use their computers in public places to view sensitive information. In fact, most respondents indicated they work with multiple types of sensitive information. Fifty-seven percent stated that they work with financial/credit card data; 18 percent work with For Official Use Only (FOUO) information (this is primarily used by the United States Department of Defense as a handling instruction for Controlled Unclassified Information); 18 percent work with human resources data and 19 percent work with classified information.

While protecting data on computers is top of mind for everyone, most organizations are focused on conventional security technologies such as anti-virus software, personal firewalls and spam filters. The WikiLeaks episode clearly revealed one crucial fact – the government did not have adequate protections on sensitive data, and the status quo of traditional security tools and official policy could not stop a breach. Besides tightening up controls on removable media, WikiLeaks underscores the need for the government to start looking at a system the way an attacker does – by looking for the weakest links. The majority of breaches are made through social engineering attacks that start with simple observation. Adversaries, especially insiders, start by observing computer screens surreptitiously to launch their attacks.

While most expect the government to operate in a much “safer” working environment, Oculis Labs found that both government and commercial organizations are about equal when it comes to data loss vulnerability. The company executed a survey of mobile workers in the private sector that showed strikingly similar results to this government study. To see the results of the commercial survey visit: http://www.oculislabs.com/products/resources/mobile-worker-privacy-study/

“Preventing data leakage is a high priority for government and yet one of the easiest access points, the computer screen, is overlooked,” said Bill Anderson, CTO, Oculis Labs. “Over-the-shoulder reconnaissance reveals what is available, where it is, and who has access to it – all the ingredients an adversary needs to succeed at a data breach. Traditional tools for protecting screens are the ever-unpopular plastic privacy filters, but even if used they are ineffective at stopping a breach. All it takes is a direct view from behind the user to leak the data. Clearly the government needs a more effective technology solution for securing displayed information.”

The results of the Oculis Labs Government Mobile Worker Privacy Survey are available free of charge at:

Oculis Labs, headquartered in Hunt Valley, Maryland, develops data privacy software that secures the last two feet of the Internet – the distance from the computer screen to a user’s eyes. The company’s products protect valuable information displayed on mobile and desktop computers from unintended viewers. Today the company offers PrivateEye for consumers and the enterprise and Chameleon for government and military users. These two solutions safeguard all displayed information from visual eavesdropping. For more information, visit www.oculislabs.com.

Oculis Solutions: Securing the Display

Posted Wed, 16 Apr 2014 16:54:53 +0000 by Oculis Labs (http://www.oculislabs.com/blog/new-overview-presentation/)

I’ve recently recorded a presentation we give on why protecting the last 2 feet is important, and how Oculis Labs does it with PrivateEye and Chameleon. Those who have been following our progress will probably enjoy hearing how we present the problem space, the opportunity, and our solution to prospective customers.

If you’re looking to understand why display protection is such an important (and often missing) component of your security system, please take a break and check out this video:

Hunt Valley, Md. – December 13, 2014 – Oculis Labs, a developer of data privacy software that protects mobile and desktop computers from visual eavesdroppers, released results from its “Mobile Worker Privacy” survey focused on identifying privacy concerns when using laptop computers for mobile work. 105 people were randomly surveyed, and of those surveyed, 90 percent are concerned about people looking at private information on their computer displays in public places. That said, 89 percent of these individuals have not installed any type of security solution to protect the data displayed on their computer screens.

While protecting data on computers is top of mind for everyone, most organizations are focused on conventional security technologies such as anti-virus software, personal firewalls and spam filters. Few organizations have solutions to address the vulnerability of their computer displays. Not only is looking at another person’s computer screen a violation of privacy and a profitable way to acquire confidential information, it is now prohibited by a new federal computer fraud and abuse statute (18 U.S.C. 1030).

The impact of individuals not protecting data on computer screens has serious financial consequences for businesses. In 2008 the U.S. Secret Service and CERT at the Carnegie Mellon Software Engineering Institute performed an in-depth study of insider incidents at a wide variety of government, financial, IT and telecommunication entities. Their study revealed that 42% of incidents began with simple observation of unprotected computer screens, resulting in an average cost of $400,000 per incident.

The Mobile Worker Privacy survey also found 83 percent of respondents admitted to using a computer in a public place with confidential information on their computer screens. The top four data types exposed in public places, in order, are:

Corporate proprietary information (77 percent)

Financial data (53 percent)

Credit card information (52 percent)

Social security numbers (32 percent)

“The results of the survey are clear: people need a privacy solution to stop visual intruders from looking at their screens,” said Bill Anderson, CTO, Oculis Labs. “Despite strong privacy concerns, people are not aware of the latest security products available to secure their information and maintain corporate compliance with regulations. When an eavesdropper can steal valuable information in mere seconds by looking at a computer screen, it is time to upgrade your security approach.”

Oculis Labs offers a next-generation data privacy software solution for companies that have a mobile workforce and have to comply with data privacy regulations. PrivateEye Enterprise is a data security and compliance software product that protects computer screens against data leakage while enabling employees to work normally. In contrast to screen savers and plastic filters, PrivateEye Enterprise actively protects information against exposure and produces a positive audit trail showing proof-of-protection.


Insider Threat: A Closer Look

Posted Wed, 12 Feb 2014 18:39:15 +0000 by Bill (http://www.oculislabs.com/blog/insider-threat-a-closer-look/)

You spend the better part of every day working closely with colleagues who share the same goals. You’re all loyal, hardworking and smart. Well, mostly all. If there’s a social engineer in your office you get just two out of three. Social engineers work hard and they’re smart – they’re just not on your side.

Simple Observation: What you see is what you get

Studies by the Secret Service, Verizon Business, and CERT at Carnegie Mellon have found up to 50% of information security breaches are caused by insiders. These are employees with an axe to grind, or who see an opportunity for financial gain. They’re not easy to spot – demographic analysis shows no easy pattern to finding the bad apples before they spoil.

You might think you could easily spot them by their hacker credentials, pasty complexion and tendency to cackle aloud. You’d be wrong. The same studies found an astonishing 42% of insider breaches involved no more than simple observation of computer screens. There were no sophisticated tools involved, just the skill to look around the office and discover the orienting information needed for a successful breach.

To a social engineer intent on extracting data, the modern office reads like an open book. Over-the-shoulder reconnaissance reveals what is available, where it is, and who has access to it – all the ingredients an adversary needs to succeed at a data breach.

Whether they start inside or outside, breaches are expensive, costing companies an average of $750,000 per incident.

Government Legislation to the Rescue?

The U.S. Government has recognized the issue and in 2010 updated the legal definition of Computer Trespassing to include “looking at a computer screen that an individual was not authorized to view.”

While the new statute makes it easier to prosecute social engineers, catching or (even better) preventing them remains the primary challenge. What’s lacking are technical security solutions to protect information over the last two feet of the network: from the screen to the user’s eyes.

Conventional Security Stops Short

You’ve got an IT department to stay on top of security threats, so you’re probably wondering where all that money has been going. Conventional security tools are all about protecting data “on-the-wire” – inside the network and on your hard drive. That’s necessary, but not sufficient.

Organizations that focus exclusively on network security may keep out external attackers, but that’s not enough to prevent insider-driven breaches. Without also protecting data-in-use on computer screens it’s like locking the doors while leaving the windows open.

Securing the Last Two Feet

To counter the insider threat we need to think about the full information lifecycle – from creation to consumption. Where portions of that cycle are exposed to the outside world we need to think about who has access and how to control it. There’s a lot of “low-hanging fruit” along that path. The next time you’re thinking about allocating resources to some expensive network security project consider first the completely unprotected spaces between the user and the screen and plug them first. You’ll save money and come out ahead on security at the same time.

5 Simple Steps to Ensure Your Computer Privacy

Posted Fri, 17 Jan 2014 22:08:10 +0000 by Bill (http://www.oculislabs.com/blog/5-things-to-ensure-your-computer-privacy/)

Your computer is your gateway to your online life. Every day you read and post to social media, email colleagues and friends, and share photos and documents. You probably do your banking, book travel, and manage your daily plans and schedules. Most people are so connected they forget just how much data goes in… and how much could come out.

You’re not leading the life of an international spy, so you don’t need to worry that your every move is being watched. Still, you do need to be concerned about some things you’re doing that could land you in serious trouble.

Here are the top 5 steps you should take to ensure you don’t become a privacy victim:

Lock your screen. Sometimes we forget to take the simplest security measures. You need to keep out the people who could use your absence to plug in a USB drive and steal your data. If you’re going to be away even briefly, lock your screen. Better yet – use a security system like PrivateEye that will automatically lock it for you whenever you’re away.

Be aware of your surroundings. A bit of healthy caution is better than blind trust. This means you can’t ignore the people who surround you every day. Every now and then take a look around at who is close enough to be snooping at your screen. Assess the situation. Are you working on something you wouldn’t post for everyone to see? If that’s true take care to ensure your screen is not visible to passers-by.

Expect to be famous. You may not face daily battles with the paparazzi, but you might consider adopting something of that mindset toward your online presence. You need to realize that everything you post could be collected, collated, compiled, analyzed and used against you. It’s not only public search tools you need to consider, but private tools and databases as well. With a few clicks a potential thief can get from your “on vacation in Aruba” Facebook post to your home address, telephone number, bank, license plate and social security number. Be aware that what you post is available to people who are not your friends.

Use a VPN on public WiFi. Did you know that everything you send over an http:// web connection can be seen by a network snooper? Someone could be sitting right next to you in a coffee shop collecting all of your social networking data – including passwords. And if you use the same password for other accounts – like your bank account – you could be asking for serious trouble.

Encrypt your drive. It doesn’t matter how careful you are with passwords and network access if your laptop falls into the wrong hands. If you have a standard OS it means all your data, web history, and communications can be extracted from the hard drive. Your password isn’t going to help you because an attacker can bypass your operating system and go straight to reading data from the drive. The only way to prevent this is to run a full disk encryption product that turns your drive into a brick when you’re not using it.

Privacy in a Social Engineering World

Posted Sat, 15 Jun 2013 17:19:09 +0000 by Bill (http://www.oculislabs.com/blog/privacy-in-a-social-engineering-world/)

To a social engineer intent on extracting data, the modern office reads like an open book. Over-the-shoulder reconnaissance reveals what is available, where it is, and who has access to it – all the ingredients an adversary needs to succeed at a data breach. Organizations that focus exclusively on network security may keep out external attackers, but that’s not enough to prevent insider-driven breaches. Without also protecting data-in-use on computer screens it’s like locking the doors while leaving the windows wide open.

See this new webinar by CEO Bill Anderson as he talks about social engineering trends, threats to government information systems, and what you can do about it.

Oculis Labs Named “Cool Vendor” in Privacy by Gartner

Posted Tue, 07 May 2013 15:33:25 +0000 by Oculis Labs (http://www.oculislabs.com/oculis-labs/oculis-labs-named-cool-vendor-in-privacy-by-gartner/)

Vendors Selected for the Gartner “Cool Vendor” Report Are Recognized as Innovative, Impactful and Intriguing

Hunt Valley, Md. – May 7, 2013 – Oculis Labs, a developer of security software that protects computers from visual data leakage, today announced it has been included in the list of “Cool Vendors” in the “Cool Vendors in Privacy” report by Gartner, Inc. Gartner defines a Cool Vendor as a vendor that offers technologies or solutions that are innovative, impactful and intriguing.

With the increasing rate of adoption of mobility-enabling technologies including virtual desktops and BYOD, people and organizations are experiencing increasing levels of serious privacy breach. Traditional security tools like VPN and encryption stop at the network edge and fail to protect privacy in the real world. Oculis Labs’ PrivateEye solution uniquely fills the need to protect information wherever and whenever it is being viewed – on laptops in a coffee shop, tablets in the airport and smartphones everywhere.

“Our inclusion in the Gartner Cool Vendor report is confirmation that the market is ready for a better approach to securing data privacy,” said Bill Anderson, CEO at Oculis Labs. “We looked at the gaps left by conventional security tools and found a great opportunity to use computer vision technology to protect against threats in the real world. Our PrivateEye product delivers display privacy and gives organizations the tools they need to ensure compliance with regulations.”

Incident Capture – Captures and timestamps pictures of anyone attempting to eavesdrop over a user’s shoulder. Enables detection and mitigation of social engineering threats.


Disclaimer: Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Hunt Valley, Md. – April 25, 2013 – Oculis Labs, a developer of security software that protects computers from visual data leakage, today announced that it has joined the Citrix Ready® Program. PrivateEye Enterprise™ has been verified as Citrix Ready for use with Citrix XenDesktop®. Designed to protect enterprise data at the point of use, PrivateEye Enterprise is an essential tool for organizations with a mobile workforce. Virtual desktop use in the enterprise means that sensitive data can be viewed anytime, anywhere – on laptops in a coffee shop, tablets in the airport, and smartphones everywhere. PrivateEye Enterprise ensures your data is available to your employees and only to them – no matter where they happen to be.

Large enterprises are quickly migrating to Citrix virtual desktops in order to maintain better reliability and security for sensitive corporate data. A core driver for desktop virtualization adoption is that it keeps data safely in the corporate datacenter or cloud instead of putting it at risk on the endpoint. PrivateEye Enterprise adds the vital missing piece in cloud security as it protects data in the one place where it is still exposed to the outside world: the user’s display.

PrivateEye Enterprise protects data whenever it is on the screen. The user can work normally and sees a normal display, but PrivateEye detects and prevents potential eavesdroppers from looking over the user’s shoulder. PrivateEye Enterprise works in any Windows virtual desktop with access to a webcam. Key features include:

Screen Protection – Automatically protects the screen whenever the user looks away from it. Instantly clears it again when the user looks back.

Incident Capture – Captures and timestamps pictures of anyone attempting to eavesdrop over a user’s shoulder. Enables detection and mitigation of social engineering threats.

PrivateEye Enterprise is available immediately at a price of $60 for a single license, and larger corporate licenses are available as low as $30 per seat. Customers can download a 30 day free trial of the full product at www.privateeyeenterprise.com.

About the Citrix Ready Program

The Citrix Ready program identifies verified solutions that are trusted to enhance virtualization, networking and cloud computing solutions from Citrix, including XenDesktop®, XenApp®, XenServer® and NetScaler®. The Citrix Ready designation is awarded to third-party products that have successfully met verification criteria set by Citrix, and gives customers added confidence in the compatibility of the joint solution offering. The Citrix Ready program leverages industry-leading alliances across the Citrix partner eco-system to meet a wide variety of customer needs, and currently incorporates over partners who have demonstrated more than 22,000 product verifications. It also includes the Citrix Ready Community Verified program, which allows customers to see thousands of products that have been verified by other customers to work in their production environments. More information about the Citrix Ready program can be found at www.citrix.com/ready. Reach Citrix Ready using social media via the Citrix Ready blog site and Twitter.


Citrix®, Citrix Ready® and XenDesktop® are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.

Hunt Valley, Md. – April 8, 2013 – Oculis Labs, a developer of security software that protects computers from visual data leakage, today announced major feature and performance updates to PrivateEye™ Enterprise. Designed to protect enterprise data at the point of use, PrivateEye Enterprise is an essential tool for organizations with a mobile workforce. Mobile device use in the enterprise means that sensitive data can be viewed anytime, anywhere – on laptops in a coffee shop, tablets in the airport, and smartphones everywhere. Bring-Your-Own-Device (BYOD) and virtual desktops expose enterprise information 24 hours a day. PrivateEye Enterprise ensures your data is available to your employees and only to them – no matter where they happen to be located.

Studies by the US Secret Service have found that 20% of all computer breaches start with an unprotected computer screen. They found that attackers gained sufficient information from simple observation of employees’ displays to launch widespread and damaging attacks on organizations including financial, healthcare and the federal government.

PrivateEye Enterprise protects data whenever it appears on the screen. It runs within a user’s active session to monitor user attention and potential eavesdroppers to actively prevent breaches. The key insight differentiating PrivateEye is that the most immediate risk comes from direct observation of a computer display. Organizations exclusively using conventional access controls are still at risk because they fail to protect the data when it is being viewed.

“PrivateEye Enterprise helps us protect sensitive client healthcare and financial information,” said Jody Buyalos, Executive Vice President of The Insurance Exchange. “In our business client confidentiality cannot be left to chance – our customers depend on it. We like the simplicity of use, and the confidence it gives us to know that customer information is being continually protected.”

The new release achieves up to a 90% reduction in power consumption through refinements in Oculis Labs’ patent-pending technology for user attention sensing. PrivateEye protects on-screen data without requiring expensive face recognition for access control. The solution’s continuous attention sensing capability links the person sitting in front of the computer to a prior successful login. This approach simplifies administration because there is no database of authorized user faces to be approved and managed by a central authority.

Also new in this release is support for Windows 8 and Citrix XenDesktop. Whether it is the latest Windows tablet or a large-scale Virtual Desktop Infrastructure (VDI) deployment, PrivateEye Enterprise will protect on-screen data.

Key PrivateEye Enterprise features include:

Screen Protection – Automatically protects the screen whenever the user looks away from it. Instantly clears it again when the user looks back.

Incident Capture – Captures and timestamps pictures of anyone attempting to eavesdrop over a user’s shoulder. Enables detection and mitigation of social engineering threats.

SC Magazine had this to say about PrivateEye Enterprise: “This is about the coolest and, at the same time, most useful security product we have seen in a long time. It is simple to use, very effective, and actually serves a real and important purpose.”

The new version of PrivateEye Enterprise is available immediately at a price of $60 for a single license, and larger corporate licenses are available as low as $30 per seat. Customers can download a 30 day free trial at www.privateeyeenterprise.com.
